Soni's Blog

Taking the Internet back

At some point the Internet was actually run mostly by normal ppl like you and me. We had BBSes and all sorts of fun. However, over time the internet became more and more centralized. First they came for the Internet Service Providers, then they came for the Web. And with this, we, users, have been left at the mercy of those who don't care about us.

So, what allowed them to do this, and what are some challenges to pushing back against it? For starters, the solution is NOT to go peer-to-peer. Peer-to-peer by itself doesn't solve any issues, and causes many more. This doesn't mean peer-to-peer is bad - combine it with the right components, and you have yourself something better than the alternatives, as seen in Git and Mercurial, for example.

One of the main challenges with the Web is probably logging in. The convenience of logging in to Search Site and having access to all your files on Virtual Storage Site and your email on Email Site and so on cannot simply be dismissed. Instead, what if we built a system where you can log in to any of your accounts, and it automatically finds and logs in to all your other accounts? This would require that you trust the websites and allow them to know about each other, but you'd still be in control over which websites know about which other websites, and it would be possible to keep completely isolated accounts. Additionally, for a decentralized web, we probably don't want to trust everyone with our password, and we may even want to use alternative login methods instead. However, this should be squarely up to the user, not up to the websites. For this, one trivial solution would be to apply a Key Derivation Function to the username, password and domain name, such that all login methods use the same server-side code path.
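A minimal sketch of that derivation, added here as an example and not code from the original post: the client stretches the password into a secret bound to one username and one domain, and the server handles whatever it receives as an opaque credential, so a password login and a key-based login share one code path. The choice of scrypt and its parameters, the `site-login-v1` label, the function and class names, and the sample accounts and domains are all assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

def _field(value: str) -> bytes:
    # Length-prefix each field so ("ex", "ample") and ("exam", "ple") differ.
    raw = unicodedata.normalize("NFC", value).encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw

def derive_site_credential(username: str, password: str, domain: str) -> bytes:
    """Client side: stretch the password into a secret bound to one site."""
    salt = b"site-login-v1" + _field(domain.lower().rstrip(".")) + _field(username)
    secret = unicodedata.normalize("NFC", password).encode("utf-8")
    # scrypt parameters are an assumption; tune them for the client hardware.
    return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)

class Site:
    """Server side: one code path for any opaque 32-byte credential.

    The password-guessing cost was already paid in the client-side KDF, so the
    server only keeps a salted digest and never sees the master password.
    """

    def __init__(self, domain: str) -> None:
        self.domain = domain
        self._accounts = {}  # username -> (salt, digest)

    def register(self, username: str, credential: bytes) -> None:
        salt = os.urandom(16)
        self._accounts[username] = (salt, hashlib.sha256(salt + credential).digest())

    def login(self, username: str, credential: bytes) -> bool:
        salt, digest = self._accounts.get(username, (b"", b""))
        candidate = hashlib.sha256(salt + credential).digest()
        return hmac.compare_digest(digest, candidate)

def demo() -> dict:
    # Constructed sample accounts and domains.
    storage, email = Site("storage.example"), Site("email.example")
    pw_storage = derive_site_credential("alice", "correct horse", storage.domain)
    pw_email = derive_site_credential("alice", "correct horse", email.domain)
    storage.register("alice", pw_storage)
    token = os.urandom(32)  # alternative login method: a random client-held key
    email.register("bob", token)
    return {
        "password_login": storage.login("alice", pw_storage),
        "key_login": email.login("bob", token),
        "cross_site_replay": storage.login("alice", pw_email),
    }
```

Because the domain is part of the salt, the value one site receives is useless at any other site, even when the user types the same password everywhere.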

Once that challenge is out of the way, the next challenge is likely to be moderation. Currently, a lot of places on the Web are very lightly moderated, and moderators are only invoked after shit hits the fan. Indeed, quite often conflict resolution is entirely up to the user. More often than not, this just leads to burnout, public call-outs, etc. But if the previously mentioned login/registration problem gets solved, that would also encourage users to seek out different places to be in, which would ideally lead them to places that meet their moderation needs.

Once the user can easily move across services, we just need to allow that user to stay in touch with their friends. We already have a sort of solution for this, and it's known as the Fediverse. If only we had a way of encouraging users to have multiple profiles on different instances, perhaps through an integrated login solution... There are certainly improvements to be made here, and we should blur the barriers between those instances. For example, remote interactions are currently far from ideal. They require you to go through a pop-up, asking you to input your fediverse handle. The Mastodon - Simplified Federation! Firefox extension provides a glimpse of what that blurring might look like.

Additionally, I find it hard to believe nomadic identity is a good solution for any of this. If anything, it undermines the moderation efforts, and as such runs directly counter to what I'm suggesting here. Perhaps it came as a surprise when I mentioned Git and Mercurial as "peer-to-peer", and that's a good point actually. Usually when ppl say "peer-to-peer", they're talking about cross-checked references, like in BitTorrent and Bitcoin. However, Git is also peer-to-peer. You can, in fact, use Git with no central repository anywhere. But there is a benefit to having a central repository somewhere - moderation. The equivalent of this for nomadic identity would be having an identity server somewhere - and, indeed, this defeats the purpose of having nomadic identity in the first place! As such you can't have nomadic identity and strong moderation. I'll always pick strong moderation over nomadic identity, yet I still believe in alternatives to centralized identity management - just not nomadic identity.

Besides the Web, we can also look at decentralizing Content Delivery Networks and other reverse-proxy arrangements. A very dangerous consequence of the way the Web currently works is that not all middleware is completely oblivious to HTTPS-encrypted content - Content Delivery Networks can see everything that goes between you and the server. Furthermore, they also make it hard or in many cases impossible to use Client Certificates, a security mechanism designed to offer the highest level of protection against active attackers. This problem is perhaps the single biggest threat to users, and it still remains to be solved. However, this is not a reason to give up - one does not have to use a Content Delivery Network in order to run a server, and the previous points would still benefit all of us, with or without Content Delivery Networks.

Take the Internet back, starting with the Web. But don't stop there. Also take back the Internet infrastructure.